Translation: every Yahoo user is likely hit by the breach that first occurred in 2013.
It’s been four years since Yahoo suffered a major breach, which saw user names, email addresses, telephone numbers, dates of birth, encrypted passwords, and security questions and answers stolen. And yet, the number of accounts thought to be compromised continues to increase.
In December 2016, Yahoo thought it was a billion accounts. Now it’s all user accounts, or 3 billion.
In an email sent to users, Yahoo said that it “recently obtained additional information [and] determined that your user account information also was likely affected.”
Stolen data could include “names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers,” the email said. It did not include “passwords in clear text, payment card data, or bank account information.”
It’s still unknown who carried out the breach. As ever, Yahoo users (past and present) should ensure they are not reusing passwords across multiple accounts and watch out for email scams that look convincing due to the personal data they contain. If you use the same security questions across sites, change those, too. Use a reputable security suite on your PC, two-factor authentication, and make all your online accounts more secure with a password manager.